Home » Uncategorized

Behavioural Biometrics, IoT and AI

Behavioural Biometrics, IoT and AI


Biometrics is defined as the science of establishing the identity of an individual based on physical, chemical or behavioural attributes of the person. We see the deployment of Biometrics in many industries such as smart homes, automotive, banking, healthcare etc. According to Gartner, biometric sensors such as premise security entry consoles will total at least 500 million IoT connections in year 2018. Acuity Market Intelligence forecasts that within three years, biometrics will become a standard feature on smartphones as well as other mobile devices. IoT (Internet of Things) connects the Physical world to the virtual world – and in doing so – provides elements of Biometric Data. To discuss these issues, please join a new meetup group in London Behavioural Biometrics IoT and AI

Behavioural Biometrics

While Physical Biometric techniques (like fingerprint recognition, IRIS scans etc) are well established, Behavioural biometrics systems are still emerging. According to the IBIA White paper, Behavioural biometrics provides a new generation of user security solutions that  identify individuals  based on the  unique way they interact with computer devices  like smartphones, tablets or mouse-screen-and-keyboard. By measuring everything from how the  user holds  the  phone or how they swipe the  screen, to which keyboard or gestural shortcuts they use,  software algorithms build a unique user profile, which can then be used to confirm  the  user’s identity  on subsequent interactions.

Currently,  behavioral biometrics are  deployed as an additional layer to enhance identity  authentication and fraud  detection systems but they provide a number of advantages over traditional biometric technologies.

  • They can be collected non-obtrusively or even without the knowledge of the user
  • They do not need any specialized hardware
  • Behavioural biometrics are completely frictionless because users can be enrolled in the  background during  normal interactions – they do not slow, interrupt or interfere with the  user experience. 
  • Because there are  dozens and  dozens of data points collected, and  any combination of them can be used to identify a user, identification is accurate and  precise and  users cannot practicably be impersonated.
  • Because authentication happens throughout the  entire course of the  transaction, behavioural biometrics provides powerful protection against insider  threats and  account takeover, as well as identity  theft.
  • Behavioural biometrics does not  replace the  password or other legacy forms  of identity  authentication, but  it does reduce the burden placed on them to protect sensitive data.

Behavioural Biometrics techniques

In Behavioural biometrics: a survey and classification, Yampolskiy & Govindaraju provide a survey of behavioural biometric techniques.  They classify Behavioural biometrics into five categories based on the type of information about the user being collected.

  • Category one is made up of authorship based biometrics (ex examining a piece of text produced by a person).
  • Category two consists of human computer interaction (HCI)-based biometrics ex the use of Keystroke biometrics.
  • Category Three involves using events that can be obtained by monitoring user’s HCI behaviour indirectly via observable low-level actions of computer software(for example audit logs).
  • Category four involves tracking of motor skills of the users in performing certain tasks. Finally,
  • Category five involves purely behavioural biometrics. such as the way an individual walks.

 The authors also present a generalized algorithm for implementing behavioural biometric with the following steps:

  • Pick behaviour
  • Break-up behaviour into component actions
  • Determine frequencies of component actions for each user
  • Combine results into a feature vector profile
  • Apply similarity measure function to the stored template and current behaviour
  • Experimentally determine a threshold value
  • Verify or reject user based on the similarity score comparison to the threshold value.

Behavioural Biometrics – IoT and AI

So, with this background, what is the relationship between Behavioural biometrics, IoT and AI?

  • Behavioral biometrics relies on increasingly ubiquitous, mobile  and IoT devices  to capture data points  that  will authenticate the  user.
  • Increasingly, IoT and Mobile devices provide continuous Authentication over the session.
  • The individual pattern/profile is hard to spoof because it ties to your unique behaviour comprising of physiology and considering other factors like social, psychological and health factors.
  • Rather than focusing on an activity’s outcome, behavioral biometrics focuses on how  a user conducts the specified activity. This means, real time AI algorithms can be used to validate detect behaviour even as the activity progress (and is yet to complete). For example – keyboard metrics can detect behaviour as the transaction progresses without waiting for it to complete
  • Finally, behavioral biometrics are agnostic of personally identifiable information or PII. I don’t need to know anything about you to be sure it’s you. I just need to ensure that you are the same person who logged in the last time. Hence, there is scope to create new algorithms which are PII protecting by using Behavioual biometrics  .

To discuss these issues, please join a new meetup group in London  Behavioural Biometrics IoT and AI

 Image Shutterstock

Ajit Jaokar conducts a course at Oxford University on Data Science for Internet of Things. He also is a Research Data Scientist working on Behavioural Biometrics

Leave a Reply

Your email address will not be published. Required fields are marked *